Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: low
Invalid

The SablierV2MerkleLockup::name() function fails to decode the encoded NAME variable correctly, impacting the protocol's ability to return the actual name.

Summary

SablierV2MerkleLockup::name() doesn't decode the encoded name string.

Vulnerability Details

In the constructor, the NAME variable is defined as bytes32, with the encoded params.name as its value.

constructor(MerkleLockup.ConstructorParams memory params) {
    ...
    NAME = bytes32(abi.encodePacked(params.name));
    ...
}

However, SablierV2MerkleLockup::name() returns an encoded NAME variable.

/// @inheritdoc ISablierV2MerkleLockup
function name() external view override returns (string memory) {
    return string(abi.encodePacked(NAME));
}

Impact

The protocol is unable to return an actual NAME variable.

Tools Used

Manual Review

Recommendations

constructor(MerkleLockup.ConstructorParams memory params) {
...
// Removing bytes32 because abi.decode doesn't accept bytes32 value
- NAME = bytes32(abi.encodePacked(params.name));
+ NAME = abi.encodePacked(params.name);
...
}
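Review bot: The new assignment `NAME = abi.encodePacked(params.name);` does not type-check against the bytes32 NAME described in the Vulnerability Details, because abi.encodePacked returns dynamic bytes. The hunk should include the changed declaration of NAME, and it should state how names longer than 32 bytes are handled now that the bytes32 cast, which truncated them, is gone.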
/// @inheritdoc ISablierV2MerkleLockup
function name() external view override returns (string memory) {
+ return abi.decode(NAME, (string));
- return string(abi.encodePacked(NAME));
}
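Review bot: `return abi.decode(NAME, (string));` is applied to data written with abi.encodePacked, which for a string is only the raw bytes with no offset or length word, so abi.decode would revert or misread it instead of returning the name. If decoding is wanted, the constructor has to store `abi.encode(params.name)`; otherwise the existing `string(abi.encodePacked(NAME))` conversion already yields the stored bytes.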
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
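
As an added illustration (not part of the submission or of Sablier's code), this Python sketch models at the byte level what the constructor and name() expressions quoted in the submission do, and how a bounds-checked ABI string decoder treats abi.encodePacked output versus abi.encode output. The function names and the sample campaign name are constructed for this example.

```python
WORD = 32  # size of one EVM word in bytes

def encode_packed_string(s: str) -> bytes:
    # abi.encodePacked(string): the raw UTF-8 bytes, no offset or length word.
    return s.encode("utf-8")

def to_bytes32(b: bytes) -> bytes:
    # bytes32(bytes): right-padded with zeros if shorter, truncated if longer.
    return b[:WORD].ljust(WORD, b"\x00")

def name_as_written(stored: bytes) -> bytes:
    # string(abi.encodePacked(NAME)): the 32 stored bytes reinterpreted as a
    # string; packing a bytes32 leaves its 32 bytes unchanged.
    assert len(stored) == WORD
    return stored

def name_roundtrip(s: str) -> bytes:
    # Constructor assignment followed by a call to name().
    return name_as_written(to_bytes32(encode_packed_string(s)))

def abi_encode_string(s: str) -> bytes:
    # abi.encode(string): offset word, length word, data padded to 32 bytes.
    data = s.encode("utf-8")
    padded = data.ljust(-(-len(data) // WORD) * WORD, b"\x00")
    return WORD.to_bytes(WORD, "big") + len(data).to_bytes(WORD, "big") + padded

def abi_decode_string(blob: bytes) -> str:
    # Model of abi.decode(blob, (string)); raises where decoding would revert.
    if len(blob) < WORD:
        raise ValueError("input shorter than the offset word")
    offset = int.from_bytes(blob[:WORD], "big")
    if offset + WORD > len(blob):
        raise ValueError("offset points outside the input")
    length = int.from_bytes(blob[offset:offset + WORD], "big")
    start = offset + WORD
    if start + length > len(blob):
        raise ValueError("length runs past the end of the input")
    return blob[start:start + length].decode("utf-8")

if __name__ == "__main__":
    sample = "Airdrop Campaign"  # constructed sample name, 16 bytes
    print(name_roundtrip(sample))                        # name plus zero padding
    print(abi_decode_string(abi_encode_string(sample)))  # standard encoding decodes
    try:
        abi_decode_string(encode_packed_string(sample))  # packed bytes do not
    except ValueError as err:
        print("decode of packed data fails:", err)
```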
